Hi Sender:
I will be out of the office until July 10, 2000. Please contact Dudley Smith,
Consulting Branch Lead, during my absence. His number is 703 713 3702.
Thank you and have a nice day.
Joe Huang
DC Consulting Branch Manager
>>> Firewalls 07/08/00 04:00 >>>
Firewalls-Digest Saturday, July 8 2000 Volume 08 : Number 1076
In this issue:
Re: IP Spoofing
Re: IP Spoofing
See the end of the digest for information on subscribing to the Firewalls
or Firewalls-Digest mailing lists and on how to retrieve back issues.
----------------------------------------------------------------------
Date: Sat, 08 Jul 2000 05:31:13 +0200
From: Mikael Olsson <[EMAIL PROTECTED]>
Subject: Re: IP Spoofing
Rogier Maas wrote:
> Our network is beeing Ping-Attacked every night by someone we don't know
> where from. The packets seem to come from all over the Net, sending ICMP
> Echo Request packets to the broadcast address and all our servers reply
> to the wrong host, probably the target of the original attacker.
>
> My question is: how do I get the attackers IP-address?
I think you'll find the info you need at
http://www.netscan.org/lamers-r-us.html
Two words:
1) Smurf
2) Amplifier
- --
Mikael Olsson, EnterNet Sweden AB, Box 393, S-891 28 �RNSK�LDSVIK
Phone: +46 (0)660 29 92 00 Direct: +46 (0)660 29 92 05
Mobile: +46 (0)70 66 77 636 Fax: +46 (0)660 122 50
WWW: http://www.enternet.se/ E-mail: [EMAIL PROTECTED]
- -
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
------------------------------
Date: Sat, 08 Jul 2000 01:43:27 -0500
From: Spikeman <[EMAIL PROTECTED]>
Subject: Re: IP Spoofing
you are being used as a smurf amplifier, fix your network
Rogier Maas wrote:
> Hi List,
>
> Our network is beeing Ping-Attacked every night by someone we don't know
> where from. The packets seem to come from all over the Net, sending ICMP
> Echo Request packets to the broadcast address and all our servers reply
> to the wrong host, probably the target of the original attacker.
>
> My question is: how do I get the attackers IP-address?
>
> TIA,
>
> Rogier Maas
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
- --
___
/\ \ phase two of global domination in operation, hide all lions.
/::\ \
/:/\:\ \ Comments or Questions email [EMAIL PROTECTED]
_\:\~\:\ \
/\ \:\ \:\__\ Spikeman [EMAIL PROTECTED]
\:\ \:\ \/__/ http://www.spikeman.net
\:\ \:\__\ Find Me On EFNET /whois Spikeman
\:\/:/ /
\::/ / Friends are lights in winter;
\/__/ The older the friend, the brighter the light.
- -
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
------------------------------
End of Firewalls-Digest V8 #1076
********************************
To unsubscribe from Firewalls-Digest, send the following command
in the body of a message to "[EMAIL PROTECTED]":
unsubscribe firewalls-digest
If you want to subscribe or unsubscribe an address other than the
account the mail is coming from, such as a local redistribution list,
then append that address to the command; for example, to subscribe
"local-firewalls":
subscribe firewalls-digest [EMAIL PROTECTED]
A non-digest (direct mail) version of this list is also available; to
subscribe to that instead, replace all instances of "firewalls-digest"
in the commands above with "firewalls".
Compressed back issues are available for anonymous FTP from
Lists.GNAC.NET, in pub/firewalls/digest/vNN.nMMM.Z (where "NN"
is the volume number, and "MMM" is the issue number).
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
